I guess everyone knows, that using:

1
2
3
<script type="text/javascript">
myMagicFunction("This & That");
</script>

is pretty bad practice. The issue is, that the & should be escaped and read as &amp; instead.

If you are reading this code with an Ajax-Request and it contains for instance unescaped & character, it will fail to load the xml properly and also fail executing the embedded javascript.

The workaround I see pretty often is the following (even suggested by w3schools):

1
2
3
4
5
<script type="text/javascript">
<![CDATA[
myMagicFunction("This & That");
]]>
</script>

a better way is of course:

1
2
3
4
5
<script type="text/javascript">
// <![CDATA[
myMagicFunction("This & That");
// ]]>
</script>

because it does not break any backwards compatibility to browsers, who do not get the cdata tag when in non xml mode.

This solution has one big problem: This claims the inner content to be included at this point and be escaped automaticly. And this valid html will be made visible to search engines.

Since I don't want anyone to count this comments as content for my website I am using the following solution for ages:

1
2
3
4
5
<script type="text/javascript">
// <!--
myMagicFunction("This & That");
// -->
</script>

It works like a charm. If you are still using any of the previous solutions, please consider this solution as a replacement.